你这个配置拦截的是路径中带 /jsp 的 .do 请求。
解决方案
用 Spring 的拦截器拦截所有的 .do 请求,
然后再写一个过滤器拦截所有的 .jsp 请求,
这样才能防止循环过滤。
这种做法会把所有 JSP 请求都过滤掉,不推荐。
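<!--
  Login filter for JSPs that a browser requests directly.
  The filter name is written without the stray leading space so that it
  matches the name used in the filter-mapping below verbatim.
  No dispatcher element is declared, so the mapping covers client requests
  only; JSPs reached through a server-side forward or include are not
  filtered again.
  NOTE(review): an extension pattern protects only URLs that match it.
  Keeping JSPs under /WEB-INF, where they cannot be requested directly,
  is the more robust way to make sure every view goes through a controller.
-->
<filter>
    <filter-name>loginFilter</filter-name>
    <filter-class>net.techfinger.yoyoapp.interceptor.CheckLoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>loginFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>

<!--
  Spring's dispatcher servlet handles every *.do request; login checks for
  those requests are done by the Spring interceptor, not by the filter above.
-->
<servlet-mapping>
    <servlet-name>Spring-Servlet</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>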
-
-
-
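/**
 * Servlet filter that lets a request continue only when a logged-in {@code Person} is
 * available for it; every other request is redirected to the login action.
 *
 * <p>The filter fails closed: a {@code Person} without an id or without a password is
 * treated like a missing one. Previously that case neither redirected nor continued the
 * chain, so the client received an empty response.
 */
public class CheckLoginFilter implements Filter {

    /** Login action, relative to the context path. */
    private static final String LOGIN_PATH = "/person.do?method=tologin";

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Checks the login state and either continues the chain or redirects to the login action.
     *
     * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only for a logged-in user
     * @throws IOException      if the redirect or the rest of the chain fails on I/O
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // No session is created here: an unconditional request.getSession() would allocate
        // one for every anonymous request. SessionUtils.getPerson receives the request and
        // is assumed to look the session up itself (TODO confirm).
        Person person = SessionUtils.getPerson(request);

        // NOTE(review): the password check implies the Person kept in the session carries
        // the password (or its hash). Consider keeping only the user id in the session.
        boolean loggedIn = person != null
                && person.getId() != null
                && person.getPassword() != null;

        if (!loggedIn) {
            // The target is a fixed, application-relative path, never taken from the request.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}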
-
-
- public class AuthInterceptor extends HandlerInterceptorAdapter {
-
- private final static Logger log= Logger.getLogger(AuthInterceptor.class);
-
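/**
 * Enforces the login check before a handler runs.
 *
 * <p>The {@code Auth} annotation is read from the handler method. When it is absent, or
 * when the handler is not a {@code HandlerMethod}, the login check is applied by default,
 * so unannotated and non-method handlers fail closed. The previous unconditional cast
 * threw {@code ClassCastException} for any other handler type.
 *
 * @param request  the current request
 * @param response the current response; receives the redirect when no user is logged in
 * @param handler  the handler chosen by Spring for this request
 * @return {@code false} after redirecting to the login action, otherwise the result of
 *         the superclass implementation
 * @throws Exception propagated from the redirect or from the superclass
 */
@Override
public boolean preHandle(HttpServletRequest request,
        HttpServletResponse response, Object handler) throws Exception {
    Auth auth = null;
    if (handler instanceof HandlerMethod) {
        auth = ((HandlerMethod) handler).getMethod().getAnnotation(Auth.class);
    }

    // Login check; a missing annotation means "verify".
    if (auth == null || auth.verifyLogin()) {
        Person person = SessionUtils.getPerson(request);
        if (person == null) {
            // sendRedirect sets the response status itself, so none is set beforehand.
            // The .jsp and non-.jsp cases used to be separate branches with the same
            // redirect; a structured "login timed out" reply for non-page callers was
            // sketched there but never enabled.
            response.sendRedirect(request.getContextPath() + "/person.do?method=tologin");
            return false;
        }
    }

    // URL permission check.
    // NOTE(review): the check below is disabled, so this interceptor authenticates but does
    // NOT authorize: any logged-in user reaches any handler, whatever verifyURL() says.
    // Before re-enabling it: handle a null Person (possible when verifyLogin() is false),
    // drop the System.out.println, and avoid writing the raw request URL into the log line.
    if (auth == null || auth.verifyURL()) {
        /*
        // Check whether the requested URL is among the URLs granted to the user's role.
        String methodName=request.getParameter("method");
        String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
        System.out.println(menuUrl);

        if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
            // Log the rejected access.
            String userMail = SessionUtils.getPerson(request).getLoginName();
            String msg ="URL权限验证不通过:[url="+menuUrl+"][email ="+ userMail+"]" ;
            log.error(msg);

            response.setStatus(response.SC_FORBIDDEN);
            Map<String, Object> result = new HashMap<String, Object>();
            result.put("success", false);
            result.put("msg", "没有权限访问,请联系管理员.");
            XmlUtil.sendMsg(response, result);
            return false;
        }
        */
    }
    return super.preHandle(request, response, handler);
}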